Web For Pentester – Cross Site Scripting Example 3

Hello friends, how are you doing? This is Osama, and in this post I will be covering the third Cross Site Scripting example in our Web For Pentester series. As we move forward in this course, the challenges provided in the lab get harder and more interesting to solve, and they are a fun way to learn more about your own skills and how web applications work. If you haven't seen the previous examples that we solved, here is the video reference to that post. Example-1 and Example-2 here.

Explanation :-

Let's get started. In the previous post we bypassed the filtering in the web app by changing the letter case of the payload. If we apply the same concept and payload here, it is not going to work, because the word <script> is now filtered regardless of case. That means no matter how you write the script tag, it is going to be filtered.

The web page will render this and display the following:

Hello alert(document.domain)

So, in order to get around this kind of filtering, what we can do is wrap the XSS payload tag inside the same tag, like this.
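Why a single removal pass fails against a nested tag, and what actually fixes it, shown as an added example that is not part of the original post or the lab's code. The regex is an assumed model of the lab's filter (its source is not shown here), the function names are hypothetical, and the sample inputs are constructed.

```python
import html
import re

# Assumed model of the filter described above: one case-insensitive pass that
# deletes opening and closing script tags. The lab's real source is not on the page.
SCRIPT_TAGS = re.compile(r"</?script>", re.IGNORECASE)


def strip_once(value: str) -> str:
    """Blacklist filter as the post describes it: a single removal pass."""
    return SCRIPT_TAGS.sub("", value)


def filter_reintroduces_tag(value: str) -> bool:
    """True when deleting the inner tags splices the outer pieces into a new tag."""
    return SCRIPT_TAGS.search(strip_once(value)) is not None


def strip_until_stable(value: str) -> str:
    """Repeat the removal until the output stops changing.

    This closes the nesting gap only; it does not make a one-tag blacklist complete.
    """
    previous = None
    while previous != value:
        previous, value = value, SCRIPT_TAGS.sub("", value)
    return value


def render_safe(value: str) -> str:
    """The actual fix: HTML-encode the value where it is written into the page body."""
    return "Hello " + html.escape(value, quote=True)


# Constructed sample inputs (not taken from the post).
SAMPLES = {
    "mixed_case": "<sCrIpt>alert(document.domain)</sCrIpt>",
    "nested": "<scr<script>ipt>alert(document.domain)</scr</script>ipt>",
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name)
        print("  single pass  :", strip_once(sample))
        print("  tag survives :", filter_reintroduces_tag(sample))
        print("  until stable :", strip_until_stable(sample))
        print("  encoded      :", render_safe(sample))
```

The single pass is not idempotent, which is the whole weakness: encoding on output removes the need to guess which tags to delete.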